CVSS 8.8 HIGH Vulnerability

CVE-2026-47405: PraisonAI Platform: Missing role checks let any workspace member become owner and control…

CVSS Score: 8.8
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-47405
Vendor: pip
Affected Product: praisonai-platform
Vulnerability Type: Vulnerability
CVSS Score: 8.8 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency require_workspace_member(...) without requiring admin or owner. The dependency defaults to min_role="member", so routes that should be administrative are accessible to ordinary workspace members.

As a result, a normal workspace member can:

• promote their own account from member to owner;
• add arbitrary users as owner or admin;
• change other members' roles;
• remove legitimate owners or members;
• take over workspace membership completely;
• perform destructive workspace operations after escalation.

This is a bro
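A defender-side check for the pattern described above, added here as an example and not taken from PraisonAI's code: it parses Python source and lists state-changing routes whose require_workspace_member(...) call is gated only at the "member" default. The sample routes, the @router.<verb> decorator shape and passing min_role by keyword are assumptions.

```python
import ast

# Constructed sample source, not PraisonAI code: route names and paths are hypothetical.
SAMPLE = '''
@router.get("/workspaces/{ws_id}/members")
async def list_members(ws_id: str, m=Depends(require_workspace_member())):
    ...

@router.patch("/workspaces/{ws_id}/members/{user_id}")
async def update_member_role(ws_id: str, user_id: str, m=Depends(require_workspace_member())):
    ...

@router.delete("/workspaces/{ws_id}/members/{user_id}")
async def remove_member(ws_id: str, user_id: str, m=Depends(require_workspace_member(min_role="admin"))):
    ...
'''

MUTATING = {"post", "put", "patch", "delete"}

def http_methods(func):
    """HTTP verbs taken from decorators shaped like @router.<verb>(...) (assumed shape)."""
    return {d.func.attr for d in func.decorator_list
            if isinstance(d, ast.Call) and isinstance(d.func, ast.Attribute)}

def effective_min_role(call):
    """min_role keyword of a require_workspace_member(...) call, else the default."""
    for kw in call.keywords:
        if kw.arg == "min_role":
            return kw.value.value if isinstance(kw.value, ast.Constant) else "<dynamic>"
    return "member"  # default named in the advisory

def audit(source):
    """Return (function, line) for state-changing routes gated only at 'member'."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not http_methods(fn) & MUTATING:
            continue
        for node in ast.walk(fn):  # covers parameter defaults and decorator arguments
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                    and node.func.id == "require_workspace_member"
                    and effective_min_role(node) == "member"):
                findings.append((fn.name, node.lineno))
    return findings

if __name__ == "__main__":
    for name, line in audit(SAMPLE):
        print(f"{name} (line {line}): state-changing route gated at min_role='member'")
```

Each finding is a candidate for review, not a confirmed flaw: a route that only changes the caller's own data may legitimately stay at "member", while membership and role management should not.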
